Web Application Security Risk Assessment Using the ISO/IEC 27005:2022 Standard for Organizational Services
(Indonesian title: Penilaian Resiko Keamanan Aplikasi Web Menggunakan Standar ISO/IEC 27005:2022 pada Layanan Organisasi)
DOI: https://doi.org/10.37859/coscitech.v6i2.9994

Abstract
Information security threats and vulnerabilities are an increasing problem, so organizations need to be able to analyze the risk posed by future threats to, and vulnerabilities in, their application services, in particular the application services of a community organization. This research applies information security risk analysis based on the ISO/IEC 27005:2022 framework to an organization's service applications. ISO/IEC 27005:2022 is an international standard that provides guidelines for carrying out the information security risk assessment process, which the authors consider the most effective of the available information security risk assessment frameworks. The assessment measures the level of information security risk of the organization's service application so that the result can inform preventive and control measures that reduce vulnerability gaps and the threat of information security attacks. The study assigns risk values to the organization's service application in three high-risk categories: financial transaction data (risk value 20), customer database (risk value 16), and server configuration (risk value 15). Medium risk values are found for the public API (risk value 12) and internal report data (risk value 6).
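The abstract reports a risk value and a category per asset but not how the values were derived. The following is an added example, not code from the paper or from ISO/IEC 27005: it assumes the usual likelihood × impact product on 1..5 ordinal scales, and assumes category thresholds (high at 15 and above, medium from 5 to 14, low below 5) chosen so that the reported values fall into the reported bands. The asset names are taken from the abstract; their likelihood and impact scores are constructed for illustration and only chosen so the products match the reported values.

```python
"""Risk register scoring for a web-application risk assessment.

Added example, not the paper's own method. ASSUMED: risk value =
likelihood x impact on 1..5 scales; ASSUMED thresholds: >= 15 high,
5..14 medium, < 5 low. These reproduce the abstract's bands
(20, 16, 15 -> high; 12, 6 -> medium) but are not stated by the paper.
"""
from dataclasses import dataclass

SCALE_MIN, SCALE_MAX = 1, 5   # assumed ordinal scales for likelihood and impact
HIGH_THRESHOLD = 15           # assumed: value >= 15 is "high"
MEDIUM_THRESHOLD = 5          # assumed: 5 <= value < 15 is "medium"


@dataclass(frozen=True)
class Asset:
    name: str
    likelihood: int   # how likely a threat exploits the asset's vulnerabilities
    impact: int       # consequence for the organization if it does


def _check_score(label: str, score: int) -> None:
    """Reject scores outside the assumed scale (a typo here silently skews the register)."""
    if not isinstance(score, int) or not SCALE_MIN <= score <= SCALE_MAX:
        raise ValueError(f"{label} must be an integer in {SCALE_MIN}..{SCALE_MAX}, got {score!r}")


def risk_value(likelihood: int, impact: int) -> int:
    """Risk value as likelihood x impact (assumed model)."""
    _check_score("likelihood", likelihood)
    _check_score("impact", impact)
    return likelihood * impact


def risk_category(value: int) -> str:
    """Map a risk value to the band used for prioritizing treatment (assumed thresholds)."""
    if value >= HIGH_THRESHOLD:
        return "high"
    if value >= MEDIUM_THRESHOLD:
        return "medium"
    return "low"


def risk_matrix() -> list[list[str]]:
    """5x5 matrix of categories; rows index likelihood 1..5, columns index impact 1..5."""
    return [[risk_category(risk_value(lk, im)) for im in range(SCALE_MIN, SCALE_MAX + 1)]
            for lk in range(SCALE_MIN, SCALE_MAX + 1)]


# Constructed sample register: names from the abstract, scores assumed so that
# the products equal the reported risk values.
SAMPLE_ASSETS = [
    Asset("financial transaction data", likelihood=5, impact=4),  # 20
    Asset("customer database", likelihood=4, impact=4),           # 16
    Asset("server configuration", likelihood=5, impact=3),        # 15
    Asset("public API", likelihood=4, impact=3),                  # 12
    Asset("internal report data", likelihood=3, impact=2),        # 6
]


def build_register(assets: list[Asset]) -> list[tuple[str, int, str]]:
    """Score every asset; return (name, value, category) sorted highest risk first."""
    rows = []
    for a in assets:
        value = risk_value(a.likelihood, a.impact)
        rows.append((a.name, value, risk_category(value)))
    return sorted(rows, key=lambda r: r[1], reverse=True)


def treatment_queue(register: list[tuple[str, int, str]], acceptable_max: int = 8) -> list[str]:
    """Assets whose value exceeds the (assumed) risk-acceptance level and so need a
    treatment plan; anything at or below the level is retained as accepted risk."""
    return [name for name, value, _ in register if value > acceptable_max]


if __name__ == "__main__":
    register = build_register(SAMPLE_ASSETS)
    for name, value, category in register:
        print(f"{name:28s} {value:3d}  {category}")
    print("needs treatment:", treatment_queue(register))
```

The acceptance level in `treatment_queue` is the decision the standard leaves to the organization: with the assumed default of 8, the four assets scoring 12 and above go into the treatment plan while the internal report data (6) is retained, which is the split a practitioner would expect from the bands reported above. Changing the thresholds or the acceptance level moves assets between bands, so both should be recorded alongside the register.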
References
ISO/IEC (2022). ISO/IEC 27005:2022, International Standard. International Organization for Standardization, Geneva.
Liao, Z., Nazir, S., Khan, H. U., & Shafiq, M. (2021). Assessing security of software components for Internet of Things: A systematic review and future directions. Security and Communication Networks, 2021, 1–22.
Putra, I. M., & Mutijarsa, K. (2021). Designing information security risk management on Bali Regional Police Command Center based on ISO 27005. 2021 3rd East Indonesia Conference on Computer and Information Technology (EIConCIT).
NIST. NIST SP 800-30 Revision 1: Guide for Conducting Risk Assessments. National Institute of Standards and Technology, Gaithersburg.
Hadmanto, H. D., Aji, R. F., & Nurahman, J. P. (2021). Penilaian Risiko Keamanan Informasi Aplikasi Online Travel Agent: Studi Kasus PT. XYS. Jurnal Restikom: Riset Teknik Informatika dan Komputer, 3(2), 60–69.
Albalawi, M. (2022). Website defacement detection and monitoring methods: A review. Electronics, 11, 3573.
Syahindra, I P. S., Primasari, C. H., & Irianto, A. B. P. (2022). Evaluasi Risiko Keamanan Informasi DISKOMINFO Provinsi XYZ menggunakan Indeks KAMI dan ISO 27005:2011. Jurnal Teknoinfo, 16(2), 165–182.
Hendayun, M., Utomo, H. P., & Nababan, D. P. (2021). Pengujian dan Penilaian Kerentanan E-Learning Universitas Langlangbuana Menggunakan Metode STRIDE dan DREAD. 2(2), 2–6.
Isnaini, K. N., & Solikhatin, S. A. (2020). Information security analysis on physical security in university X using maturity model. Jurnal Informatika, 14(2), 76.
Isnaini, K. N., & Suhartono, D. (2022). Evaluation of basic principles of information security at university using COBIT 5. MATRIK: Jurnal Manajemen, Teknik Informatika dan Rekayasa Komputer, 21(2), 317–326.
Jonny, J., Ambarwati, A., & Darujati, C. (2021). Penilaian Risiko Data Sistem Informasi Manajemen Puskesmas dan Aset Menggunakan ISO 27005. Sistemasi, 10(1), 1.
Laksono, A. C., & Prayudi, Y. (2021). Threat Modeling Menggunakan Pendekatan STRIDE dan DREAD untuk Mengetahui Risiko dan Mitigasi Keamanan pada Sistem Informasi Akademik. JUSTINDO (Jurnal Sistem dan Teknologi Informasi Indonesia), 6(1), 9–20.
Ramadhintia, R., & Bisma, R. (2021). Analisis Manajemen Risiko Aplikasi Ujian Online dengan Metode OCTAVE Allegro pada Lembaga Pendidikan. Jurnal Sistem dan Teknologi Informasi, 6(2).
Wijaya, R. A., & Karmilasari, K. (2021). Pengukuran Kualitas Website Pengurus Cabang NU Depok Menggunakan Software Metric. Jurnal Sisfokom (Sistem Informasi dan Komputer), 10(3), 438–443.
Chandra, N. A., Ramli, K., & Ratna, A. A. P. (2022). Information security risk assessment using situational awareness frameworks and application tools. Risks, 10, 165. https://doi.org/10.3390/risks10080165